Travellers wait in Terminal 4 at Heathrow Airport on Sept. 20, 2025 after major European airports including Brussels, Berlin and London’s Heathrow were hit by “cyber-related disruption.”
Justin Tallis | Afp | Getty Images
Disruption at some European airports continued for a second day on Sunday after a cyberattack targeted check-in technology company Collins Aerospace.
The U.K.’s largest airport, Heathrow, was among those affected, along with airports in Berlin and Brussels.
Brussels Airport on Sunday asked airlines to cancel half of Monday’s scheduled departing flights as issues with its check-in system remain unresolved.
A spokesperson for the airport said Collins Aerospace, the system’s provider, has yet to deliver a secure updated version of the software necessary to restore full functionality.
What happened?
Collins Aerospace “provides check-in and boarding systems for several airlines across multiple airports globally,” Heathrow Airport said in a post[1] on X Saturday.
Collins’ parent company, RTX[2], said in a statement to Reuters that it was aware of “cyber-related disruption” to its MUSE software.
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX, formerly Raytheon Technologies, said in a statement emailed to Reuters. It added that it was looking to resolve the issue as soon as possible.
CNBC has contacted RTX for comment and is awaiting a response.
Which airports are affected?
Aviation analytics provider Cirium told CNBC that on Sunday so far, 38 departures and 33 arrivals had been canceled across Heathrow, Berlin and Brussels, as of 10 a.m. London time.
On Saturday, 35 departures and 25 arrivals were canceled. Brussels saw the highest number of flight cancellations, at 15.
All three airports issued updated statements Sunday.
Heathrow said it was working to “resolve and recover[3]” following the Collins outage that impacted check-in.
Passengers continue to wait at the Brussels Airport as European airports are experiencing disruptions due to a cyberattack on the check-in and boarding system in Brussels, Belgium on Sept. 20, 2025.
Anadolu | Anadolu | Getty Images
“We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” it said on X. “We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”
Brussels said on its website[4] Sunday that the cyberattack was having “a large impact on the flight schedule and unfortunately causes delays and cancellations of flights.” It advised travelers to check their flight status before leaving for the airport.
Berlin warned travelers[5] of longer waiting times due to a “systems outage at a service provider.”
Dublin Airport was also affected, but said it expects to operate a full schedule on Sunday[6].
“Some airlines in Terminal 2 are continuing to use manual workarounds to generate bag tags and boarding passes. This means that the check-in and bag drop processes may take slightly longer than normal,” the airport said on X.
Latest in a line of cyberattacks
The attack on Collins Aerospace is the latest in a series of high-profile cybersecurity breaches that have made headlines.
Jaguar Land Rover said last week that it was extending a pause in production[7] until Sept. 24 following a cyberattack. “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,” the company said in a statement.
While British retailer Marks & Spencer[8] earlier this year said a recent cyberattack, which left food shelves bare and brought online sales to a standstill, would wipe out almost one-third of its annual profits[9].
However, Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, noted that the aviation industry was a particularly target for cybercriminals given its reliance on shared digital systems.
“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said in an emailed statement. “When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders.”
To improve resiliency, she said aviation companies should ensure software systems are regularly updated and well-tested backup systems are in place. She also called for better information-sharing between the technology providers, airlines and governments.
“Cyberattacks rarely stop at national borders, so the faster one country can identify and report an attack, the faster others can take action to contain it,” she said. “A joined-up defence will be far more effective than siloed responses.”
References
- ^ post (x.com)
- ^ RTX (www.cnbc.com)
- ^ resolve and recover (x.com)
- ^ on its website (www.brusselsairport.be)
- ^ warned travelers (ber.berlin-airport.de)
- ^ full schedule on Sunday (x.com)
- ^ pause in production (media.jaguarlandrover.com)
- ^ Marks & Spencer (www.cnbc.com)
- ^ one-third of its annual profits (www.cnbc.com)